HIGH CVE-2026-5750 Published Modified CNA INCIBE

CVE-2026-5750: Insecure direct object reference (IDOR) vulnerability in Fullstep

An insecure direct object reference (IDOR) vulnerability in the Fullstep V5 registration process allows authenticated users to access data belonging to other registered users through various vulnerable authenticated resources in the application. The vulnerable endpoints are: '/api/suppliers/v1/suppliers//false', which lists user information; and '/#/supplier-registration/supplier-registration//2', which updates user information (personal details, documents, etc.).

Metrics

CVSS v4.0: 7.6
Severity: HIGH
Fixed in: 5.30.07
Affected Products: 1

Fix available: 5.30.07
Affected packages
  • Fullstep / Fullstep 5 (fixed in 5.30.07)
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N